/*     */ package com.zimbra.qa.unittest;
/*     */ 
/*     */ import com.zimbra.client.ZMailbox;
/*     */ import com.zimbra.common.httpclient.HttpClientUtil;
/*     */ import com.zimbra.common.localconfig.KnownKey;
/*     */ import com.zimbra.common.localconfig.LC;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.soap.Element;
/*     */ import com.zimbra.common.soap.SoapHttpTransport;
/*     */ import com.zimbra.common.soap.SoapProtocol;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraCookie;
/*     */ import com.zimbra.common.util.ZimbraHttpConnectionManager;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.account.Server;
/*     */ import com.zimbra.soap.JaxbUtil;
/*     */ import com.zimbra.soap.admin.message.AuthRequest;
/*     */ import com.zimbra.soap.admin.message.AuthResponse;
/*     */ import java.io.IOException;
/*     */ import java.net.URI;
/*     */ import java.util.ArrayList;
/*     */ import java.util.List;
/*     */ import junit.framework.TestCase;
/*     */ import org.apache.commons.httpclient.Cookie;
/*     */ import org.apache.commons.httpclient.Header;
/*     */ import org.apache.commons.httpclient.HeaderElement;
/*     */ import org.apache.commons.httpclient.HttpClient;
/*     */ import org.apache.commons.httpclient.HttpMethod;
/*     */ import org.apache.commons.httpclient.HttpState;
/*     */ import org.apache.commons.httpclient.methods.PostMethod;
/*     */ import org.apache.commons.httpclient.methods.multipart.ByteArrayPartSource;
/*     */ import org.apache.commons.httpclient.methods.multipart.FilePart;
/*     */ import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity;
/*     */ import org.apache.commons.httpclient.methods.multipart.Part;
/*     */ import org.apache.commons.httpclient.methods.multipart.StringPart;
/*     */ import org.apache.commons.httpclient.params.HttpClientParams;
/*     */ import org.junit.Test;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class TestFileUpload
/*     */   extends TestCase
/*     */ {
/*     */   private static final String USER_NAME = "user1";
/*  58 */   private static final String NAME_PREFIX = TestFileUpload.class.getSimpleName();
/*     */   private static final String FILE_NAME = "my_zimlet.zip";
/*  60 */   private static String RESP_STR = "window.parent._uploadManager.loaded";
/*  61 */   private static String ADMIN_UPLOAD_URL = "/service/upload";
/*     */   
/*     */   public void setUp() throws Exception {
/*  64 */     cleanUp();
/*     */   }
/*     */   
/*     */   public void testUnauthorizedExtended() throws Exception {
/*  68 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/*  69 */     String uriString = mbox.getUploadURI().toString().replace("fmt=raw", "fmt=extended");
/*  70 */     URI uri = new URI(uriString);
/*  71 */     String responseContent = postAndVerify(mbox, uri, true);
/*  72 */     assertTrue(responseContent, responseContent.contains("401,"));
/*     */   }
/*     */   
/*     */   public void testUnauthorizedRaw() throws Exception {
/*  76 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/*  77 */     URI uri = mbox.getUploadURI();
/*  78 */     String responseContent = postAndVerify(mbox, uri, true);
/*  79 */     assertTrue(responseContent, responseContent.startsWith("401,"));
/*     */   }
/*     */   
/*     */   public void testRaw() throws Exception {
/*  83 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/*  84 */     URI uri = mbox.getUploadURI();
/*  85 */     String responseContent = postAndVerify(mbox, uri, false);
/*  86 */     assertTrue(responseContent, responseContent.startsWith("200,"));
/*     */   }
/*     */   
/*     */   public void testRawEmpty() throws Exception {
/*  90 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/*  91 */     URI uri = mbox.getUploadURI();
/*  92 */     String responseContent = postAndVerify(mbox, uri, false, "rawEmpty", null);
/*  93 */     assertTrue(responseContent, responseContent.startsWith("204,"));
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void testAdminUploadWithCsrfInHeader() throws Exception {
/*  98 */     SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
/*  99 */     AuthRequest req = new AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
/*     */     
/* 101 */     req.setCsrfSupported(Boolean.valueOf(true));
/* 102 */     Element response = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
/* 103 */     AuthResponse authResp = (AuthResponse)JaxbUtil.elementToJaxb(response);
/* 104 */     String authToken = authResp.getAuthToken();
/* 105 */     String csrfToken = authResp.getCsrfToken();
/* 106 */     int port = 7071;
/*     */     try {
/* 108 */       port = Provisioning.getInstance().getLocalServer().getIntAttr("zimbraAdminPort", 0);
/*     */     } catch (ServiceException e) {
/* 110 */       ZimbraLog.test.error("Unable to get admin SOAP port", e);
/*     */     }
/* 112 */     String Url = "https://localhost:" + port + ADMIN_UPLOAD_URL;
/* 113 */     PostMethod post = new PostMethod(Url);
/* 114 */     FilePart part = new FilePart("my_zimlet.zip", new ByteArrayPartSource("my_zimlet.zip", "some file content".getBytes()));
/* 115 */     String contentType = "application/x-msdownload";
/* 116 */     part.setContentType(contentType);
/* 117 */     HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
/* 118 */     HttpState state = new HttpState();
/* 119 */     state.addCookie(new Cookie("localhost", ZimbraCookie.authTokenCookieName(true), authToken, "/", null, false));
/*     */     
/* 121 */     client.getParams().setCookiePolicy("compatibility");
/* 122 */     client.setState(state);
/* 123 */     post.setRequestEntity(new MultipartRequestEntity(new Part[] { part }, post.getParams()));
/* 124 */     post.addRequestHeader("X-Zimbra-Csrf-Token", csrfToken);
/* 125 */     int statusCode = HttpClientUtil.executeMethod(client, post);
/* 126 */     assertEquals("This request should succeed. Getting status code " + statusCode, 200, statusCode);
/* 127 */     String resp = post.getResponseBodyAsString();
/* 128 */     assertNotNull("Response should not be empty", resp);
/* 129 */     assertTrue("Incorrect HTML response", resp.contains(RESP_STR));
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void testMissingCsrfAdminUpload() throws Exception {
/* 134 */     SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
/* 135 */     AuthRequest req = new AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
/*     */     
/* 137 */     req.setCsrfSupported(Boolean.valueOf(true));
/* 138 */     Element response = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
/* 139 */     AuthResponse authResp = (AuthResponse)JaxbUtil.elementToJaxb(response);
/* 140 */     String authToken = authResp.getAuthToken();
/* 141 */     int port = 7071;
/*     */     try {
/* 143 */       port = Provisioning.getInstance().getLocalServer().getIntAttr("zimbraAdminPort", 0);
/*     */     } catch (ServiceException e) {
/* 145 */       ZimbraLog.test.error("Unable to get admin SOAP port", e);
/*     */     }
/* 147 */     String Url = "https://localhost:" + port + ADMIN_UPLOAD_URL;
/* 148 */     PostMethod post = new PostMethod(Url);
/* 149 */     FilePart part = new FilePart("my_zimlet.zip", new ByteArrayPartSource("my_zimlet.zip", "some file content".getBytes()));
/* 150 */     String contentType = "application/x-msdownload";
/* 151 */     part.setContentType(contentType);
/* 152 */     HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
/* 153 */     HttpState state = new HttpState();
/* 154 */     state.addCookie(new Cookie("localhost", ZimbraCookie.authTokenCookieName(true), authToken, "/", null, false));
/*     */     
/* 156 */     client.getParams().setCookiePolicy("compatibility");
/* 157 */     client.setState(state);
/* 158 */     post.setRequestEntity(new MultipartRequestEntity(new Part[] { part }, post.getParams()));
/* 159 */     int statusCode = HttpClientUtil.executeMethod(client, post);
/* 160 */     assertEquals("This request should succeed. Getting status code " + statusCode, 200, statusCode);
/* 161 */     String resp = post.getResponseBodyAsString();
/* 162 */     assertNotNull("Response should not be empty", resp);
/* 163 */     assertTrue("Incorrect HTML response", resp.contains(RESP_STR));
/*     */   }
/*     */   
/*     */   @Test
/*     */   public void testAdminUploadWithCsrfInFormField() throws Exception {
/* 168 */     SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
/* 169 */     AuthRequest req = new AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
/*     */     
/* 171 */     req.setCsrfSupported(Boolean.valueOf(true));
/* 172 */     Element response = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
/* 173 */     AuthResponse authResp = (AuthResponse)JaxbUtil.elementToJaxb(response);
/* 174 */     String authToken = authResp.getAuthToken();
/* 175 */     String csrfToken = authResp.getCsrfToken();
/* 176 */     int port = 7071;
/*     */     try {
/* 178 */       port = Provisioning.getInstance().getLocalServer().getIntAttr("zimbraAdminPort", 0);
/*     */     } catch (ServiceException e) {
/* 180 */       ZimbraLog.test.error("Unable to get admin SOAP port", e);
/*     */     }
/* 182 */     String Url = "https://localhost:" + port + ADMIN_UPLOAD_URL;
/* 183 */     PostMethod post = new PostMethod(Url);
/* 184 */     FilePart part = new FilePart("my_zimlet.zip", new ByteArrayPartSource("my_zimlet.zip", "some file content".getBytes()));
/* 185 */     Part csrfPart = new StringPart("csrfToken", csrfToken);
/* 186 */     String contentType = "application/x-msdownload";
/* 187 */     part.setContentType(contentType);
/* 188 */     HttpClient client = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
/* 189 */     HttpState state = new HttpState();
/* 190 */     state.addCookie(new Cookie("localhost", ZimbraCookie.authTokenCookieName(true), authToken, "/", null, false));
/*     */     
/* 192 */     client.getParams().setCookiePolicy("compatibility");
/* 193 */     client.setState(state);
/* 194 */     post.setRequestEntity(new MultipartRequestEntity(new Part[] { part, csrfPart }, post.getParams()));
/* 195 */     int statusCode = HttpClientUtil.executeMethod(client, post);
/* 196 */     assertEquals("This request should succeed. Getting status code " + statusCode, 200, statusCode);
/* 197 */     String resp = post.getResponseBodyAsString();
/* 198 */     assertNotNull("Response should not be empty", resp);
/* 199 */     assertTrue("Incorrect HTML response", resp.contains(RESP_STR));
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */   public void testRequestIdScript()
/*     */     throws Exception
/*     */   {
/* 208 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/* 209 */     URI uri = mbox.getUploadURI();
/* 210 */     String responseContent = postAndVerify(mbox, uri, false, "<script></script>", "anything");
/* 211 */     assertFalse("Response does not contain 'script': " + responseContent, responseContent.contains("script"));
/* 212 */     assertTrue(responseContent, responseContent.startsWith("400,"));
/*     */   }
/*     */   
/*     */   public void testRequestIdAlert() throws Exception {
/* 216 */     ZMailbox mbox = TestUtil.getZMailbox("user1");
/* 217 */     URI uri = mbox.getUploadURI();
/* 218 */     String responseContent = postAndVerify(mbox, uri, false, "alert(1)", null);
/* 219 */     assertFalse("Response does not contain 'alert': " + responseContent, responseContent.contains("alert"));
/* 220 */     assertTrue(responseContent, responseContent.startsWith("400,"));
/*     */   }
/*     */   
/*     */   private String postAndVerify(ZMailbox mbox, URI uri, boolean clearCookies) throws IOException
/*     */   {
/* 225 */     return postAndVerify(mbox, uri, clearCookies, "myReqId", "some data");
/*     */   }
/*     */   
/*     */   private String postAndVerify(ZMailbox mbox, URI uri, boolean clearCookies, String requestId, String attContent) throws IOException
/*     */   {
/* 230 */     HttpClient client = mbox.getHttpClient(uri);
/* 231 */     if (clearCookies) {
/* 232 */       client.getState().clearCookies();
/*     */     }
/*     */     
/* 235 */     List<Part> parts = new ArrayList();
/* 236 */     parts.add(new StringPart("requestId", requestId));
/* 237 */     if (attContent != null) {
/* 238 */       parts.add(mbox.createAttachmentPart("test.txt", attContent.getBytes()));
/*     */     }
/*     */     
/* 241 */     PostMethod post = new PostMethod(uri.toString());
/* 242 */     post.setRequestEntity(new MultipartRequestEntity((Part[])parts.toArray(new Part[parts.size()]), post.getParams()));
/* 243 */     int status = HttpClientUtil.executeMethod(client, post);
/* 244 */     assertEquals(200, status);
/*     */     
/* 246 */     String contentType = getHeaderValue(post, "Content-Type");
/* 247 */     assertTrue(contentType, contentType.startsWith("text/html"));
/* 248 */     String content = post.getResponseBodyAsString();
/* 249 */     post.releaseConnection();
/* 250 */     return content;
/*     */   }
/*     */   
/*     */   private String getHeaderValue(HttpMethod method, String name) {
/* 254 */     HeaderElement[] header = method.getResponseHeader(name).getElements();
/* 255 */     String value = null;
/* 256 */     if (header.length > 0) {
/* 257 */       value = header[0].getName();
/*     */     }
/* 259 */     return value;
/*     */   }
/*     */   
/*     */   public void tearDown() throws Exception {
/* 263 */     cleanUp();
/*     */   }
/*     */   
/*     */   private void cleanUp() throws Exception {
/* 267 */     TestUtil.deleteTestData("user1", NAME_PREFIX);
/*     */   }
/*     */   
/*     */   public static void main(String[] args) throws Exception {
/* 271 */     TestUtil.cliSetup();
/* 272 */     TestUtil.runTest(TestFileUpload.class);
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/qa/unittest/TestFileUpload.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */